Changes according to PR review comments

This commit is contained in:
David Puglielli 2018-05-08 14:12:14 -07:00
Родитель f49da62e5b
Коммит fb1a2ecb70
6 изменённых файлов: 36 добавлений и 27 удалений

Просмотреть файл

@ -419,11 +419,15 @@ pdo_error PDO_ERRORS[] = {
},
{
SQLSRV_ERROR_AKV_NAME_MISSING,
{ IMSSP, (SQLCHAR*) "ID for Azure Key Vault is missing. A username or client Id is required.", -87, false }
{ IMSSP, (SQLCHAR*) "The username or client Id for Azure Key Vault is missing.", -87, false }
},
{
SQLSRV_ERROR_AKV_SECRET_MISSING,
{ IMSSP, (SQLCHAR*) "Secret for Azure Key Vault is missing. A password or client secret is required.", -88, false }
{ IMSSP, (SQLCHAR*) "The password or client secret for Azure Key Vault is missing.", -88, false }
},
{
SQLSRV_ERROR_KEYSTORE_INVALID_VALUE,
{ IMSSP, (SQLCHAR*) "Invalid value for loading Azure Key Vault.", -89, false}
},
{ UINT_MAX, {} }
};

Просмотреть файл

@ -945,15 +945,15 @@ void load_azure_key_vault( _Inout_ sqlsrv_conn* conn TSRMLS_DC )
if ( ! conn->ce_option.enabled || ! conn->ce_option.akv_required )
return;
CHECK_CUSTOM_ERROR( conn->ce_option.akv_auth == NULL || Z_STRLEN_P(conn->ce_option.akv_auth) <= 0, conn, SQLSRV_ERROR_AKV_AUTH_MISSING) {
CHECK_CUSTOM_ERROR( conn->ce_option.akv_auth == NULL, conn, SQLSRV_ERROR_AKV_AUTH_MISSING) {
throw core::CoreException();
}
CHECK_CUSTOM_ERROR( conn->ce_option.akv_id == NULL || Z_STRLEN_P(conn->ce_option.akv_id) <= 0, conn, SQLSRV_ERROR_AKV_NAME_MISSING) {
CHECK_CUSTOM_ERROR( conn->ce_option.akv_id == NULL, conn, SQLSRV_ERROR_AKV_NAME_MISSING) {
throw core::CoreException();
}
CHECK_CUSTOM_ERROR( conn->ce_option.akv_secret == NULL || Z_STRLEN_P(conn->ce_option.akv_secret) <= 0, conn, SQLSRV_ERROR_AKV_SECRET_MISSING) {
CHECK_CUSTOM_ERROR( conn->ce_option.akv_secret == NULL, conn, SQLSRV_ERROR_AKV_SECRET_MISSING) {
throw core::CoreException();
}
@ -962,16 +962,8 @@ void load_azure_key_vault( _Inout_ sqlsrv_conn* conn TSRMLS_DC )
char *akv_secret = Z_STRVAL_P( conn->ce_option.akv_secret );
unsigned int id_len = static_cast<unsigned int>( Z_STRLEN_P( conn->ce_option.akv_id ));
unsigned int key_size = static_cast<unsigned int>( Z_STRLEN_P( conn->ce_option.akv_secret ));
if ( !stricmp(akv_auth, "KeyVaultPassword") )
{
configure_azure_key_vault( conn, AKV_CONFIG_FLAGS, AKVCFG_AUTHMODE_PASSWORD, 0 );
}
else if ( !stricmp(akv_auth, "KeyVaultClientSecret") )
{
configure_azure_key_vault( conn, AKV_CONFIG_FLAGS, AKVCFG_AUTHMODE_CLIENTKEY, 0 );
}
configure_azure_key_vault( conn, AKV_CONFIG_FLAGS, conn->ce_option.akv_mode, 0 );
configure_azure_key_vault( conn, AKV_CONFIG_PRINCIPALID, akv_id, id_len );
configure_azure_key_vault( conn, AKV_CONFIG_AUTHSECRET, akv_secret, key_size );
}
@ -1078,6 +1070,12 @@ void ce_akv_str_set_func::func( _In_ connection_option const* option, _In_ zval*
{
SQLSRV_ASSERT( Z_TYPE_P( value ) == IS_STRING, "Azure Key Vault keywords accept only strings." );
size_t value_len = Z_STRLEN_P( value );
CHECK_CUSTOM_ERROR( value_len <= 0, conn, SQLSRV_ERROR_KEYSTORE_INVALID_VALUE ) {
throw core::CoreException();
}
switch( option->conn_option_key )
{
case SQLSRV_CONN_OPTION_KEYSTORE_AUTHENTICATION:
@ -1088,6 +1086,7 @@ void ce_akv_str_set_func::func( _In_ connection_option const* option, _In_ zval*
throw core::CoreException();
}
conn->ce_option.akv_auth = value;
conn->ce_option.akv_mode = stricmp( value_str, "KeyVaultPassword" ) ? AKVCFG_AUTHMODE_CLIENTKEY : AKVCFG_AUTHMODE_PASSWORD;
conn->ce_option.akv_required = true;
break;
}

Просмотреть файл

@ -1055,6 +1055,7 @@ struct stmt_option;
// This holds the various details of column encryption.
struct col_encryption_option {
bool enabled; // column encryption enabled, false by default
SQLINTEGER akv_mode;
zval_auto_ptr akv_auth;
zval_auto_ptr akv_id;
zval_auto_ptr akv_secret;
@ -1717,6 +1718,7 @@ enum SQLSRV_ERROR_CODES {
SQLSRV_ERROR_AKV_AUTH_MISSING,
SQLSRV_ERROR_AKV_NAME_MISSING,
SQLSRV_ERROR_AKV_SECRET_MISSING,
SQLSRV_ERROR_KEYSTORE_INVALID_VALUE,
SQLSRV_ERROR_ENCRYPTED_STREAM_FETCH,
// Driver specific error codes starts from here.

Просмотреть файл

@ -410,11 +410,15 @@ ss_error SS_ERRORS[] = {
},
{
SQLSRV_ERROR_AKV_NAME_MISSING,
{ IMSSP, (SQLCHAR*) "ID for Azure Key Vault is missing. A username or client Id is required.", -112, false }
{ IMSSP, (SQLCHAR*) "The username or client Id for Azure Key Vault is missing.", -112, false }
},
{
SQLSRV_ERROR_AKV_SECRET_MISSING,
{ IMSSP, (SQLCHAR*) "Secret for Azure Key Vault is missing. A password or client secret is required.", -113, false }
{ IMSSP, (SQLCHAR*) "The password or client secret for Azure Key Vault is missing.", -113, false }
},
{
SQLSRV_ERROR_KEYSTORE_INVALID_VALUE,
{ IMSSP, (SQLCHAR*) "Invalid value for loading Azure Key Vault.", -114, false}
},
// terminate the list of errors/warnings

Просмотреть файл

@ -45,10 +45,10 @@ $keystore = "none"; // key store provider, acceptable values are none, w
$dataEncrypted = false; // whether data is to be encrypted
// for Azure Key Vault
$keyStoreAuthentication = 'KeyVaultPassword'; // can be KeyVaultPassword or KeyVaultClientSecret
$principalName = 'name'; // for use with KeyVaultPassword
$AKVPassword = 'password'; // for use with KeyVaultPassword
$clientID = 'clientid'; // for use with KeyVaultClientSecret
$AKVSecret = 'secret'; // for use with KeyVaultClientSecret
$AKVKeyStoreAuthentication = 'TARGET_AKV_AUTH'; // can be KeyVaultPassword or KeyVaultClientSecret
$AKVPrincipalName = 'TARGET_AKV_PRINCIPAL_NAME'; // for use with KeyVaultPassword
$AKVPassword = 'TARGET_AKV_PASSWORD'; // for use with KeyVaultPassword
$AKVClientID = 'TARGET_AKV_CLIENT_ID'; // for use with KeyVaultClientSecret
$AKVSecret = 'TARGET_AKV_CLIENT_SECRET'; // for use with KeyVaultClientSecret
?>

Просмотреть файл

@ -45,10 +45,10 @@ $keystore = "none"; // key store provider, acceptable values are none, w
$dataEncrypted = false; // whether data is to be encrypted
// for Azure Key Vault
$keyStoreAuthentication = 'KeyVaultPassword'; // can be KeyVaultPassword or KeyVaultClientSecret
$principalName = 'name'; // for use with KeyVaultPassword
$AKVPassword = 'password'; // for use with KeyVaultPassword
$clientID = 'clientid'; // for use with KeyVaultClientSecret
$AKVSecret = 'secret'; // for use with KeyVaultClientSecret
$AKVKeyStoreAuthentication = 'TARGET_AKV_AUTH'; // can be KeyVaultPassword or KeyVaultClientSecret
$AKVPrincipalName = 'TARGET_AKV_PRINCIPAL_NAME'; // for use with KeyVaultPassword
$AKVPassword = 'TARGET_AKV_PASSWORD'; // for use with KeyVaultPassword
$AKVClientID = 'TARGET_AKV_CLIENT_ID'; // for use with KeyVaultClientSecret
$AKVSecret = 'TARGET_AKV_CLIENT_SECRET'; // for use with KeyVaultClientSecret
?>